blah/blahrs
1
0
Fork 0
mirror of https://github.com/Blah-IM/blahrs.git synced 2025-05-01 08:41:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

remove(webapi)!: remove auto user creation on joining or creating room

Browse source 
User must be explicitly created forehand using the registration API
(coming soon).
This commit is contained in:
oxalica 2024-09-16 06:34:27 -04:00
parent 985ea1d68a
commit 7f74d73c8c
3 changed files with 66 additions and 52 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

83
blahd/src/lib.rs
View file

@ -434,6 +434,23 @@ async fn room_create_peer_chat(
let mut conn = st.db.get(); let mut conn = st.db.get();
let txn = conn.transaction()?; let txn = conn.transaction()?;
let src_uid = txn
.query_row(
r"
SELECT `uid` FROM `user`
WHERE `userkey` = ?
",
params![src_user],
|row| row.get::<_, i64>(0),
)
.optional()?
.ok_or_else(|| {
error_response!(
StatusCode::NOT_FOUND,
"not_found",
"the user does not exist",
)
})?;
let tgt_uid = txn let tgt_uid = txn
.query_row( .query_row(
r" r"
@ -456,29 +473,6 @@ async fn room_create_peer_chat(
"peer user does not exist or disallows peer chat", "peer user does not exist or disallows peer chat",
) )
})?; })?;
let src_uid = txn
.query_row(
r"
SELECT `uid` FROM `user`
WHERE `userkey` = ?
",
params![src_user],
|row| row.get::<_, i64>(0),
)
.optional()?;
let src_uid = match src_uid {
Some(uid) => uid,
None => {
txn.execute(
r"
INSERT INTO `user` (`userkey`)
VALUES (?)
",
params![src_user],
)?;
txn.last_insert_rowid()
}
};
let (peer1, peer2) = if src_uid <= tgt_uid { let (peer1, peer2) = if src_uid <= tgt_uid {
(src_uid, tgt_uid) (src_uid, tgt_uid)
@ -955,8 +949,25 @@ async fn room_join(
) -> Result<(), ApiError> { ) -> Result<(), ApiError> {
let mut conn = st.db.get(); let mut conn = st.db.get();
let txn = conn.transaction()?; let txn = conn.transaction()?;
let is_public_joinable = txn let uid = txn
.query_row( .query_row(
r"
SELECT `uid`
FROM `user`
WHERE `userkey` = ?
",
params![user],
|row| row.get::<_, i32>(0),
)
.optional()?
.ok_or_else(|| {
error_response!(
StatusCode::NOT_FOUND,
"not_found",
"the user does not exist",
)
})?;
txn.query_row(
r" r"
SELECT `attrs` SELECT `attrs`
FROM `room` FROM `room`
@ -966,34 +977,24 @@ async fn room_join(
|row| row.get::<_, RoomAttrs>(0), |row| row.get::<_, RoomAttrs>(0),
) )
.optional()? .optional()?
.is_some_and(|attrs| attrs.contains(RoomAttrs::PUBLIC_JOINABLE)); .filter(|attrs| attrs.contains(RoomAttrs::PUBLIC_JOINABLE))
if !is_public_joinable { .ok_or_else(|| {
return Err(error_response!( error_response!(
StatusCode::NOT_FOUND, StatusCode::NOT_FOUND,
"not_found", "not_found",
"the room does not exist or the user is not allowed to join the room", "the room does not exist or the user is not allowed to join the room",
)); )
} })?;
txn.execute(
r"
INSERT INTO `user` (`userkey`)
VALUES (?)
ON CONFLICT (`userkey`) DO NOTHING
",
params![user],
)?;
let updated = txn.execute( let updated = txn.execute(
r" r"
INSERT INTO `room_member` (`rid`, `uid`, `permission`) INSERT INTO `room_member` (`rid`, `uid`, `permission`)
SELECT :rid, `uid`, :perm SELECT :rid, :uid, :perm
FROM `user`
WHERE `userkey` = :userkey
ON CONFLICT (`rid`, `uid`) DO NOTHING ON CONFLICT (`rid`, `uid`) DO NOTHING
", ",
named_params! { named_params! {
":rid": rid, ":rid": rid,
":userkey": user, ":uid": uid,
":perm": permission, ":perm": permission,
}, },
)?; )?;

17
blahd/tests/webapi.rs
View file

@ -202,11 +202,22 @@ fn server() -> Server {
let mut conn = Connection::open_in_memory().unwrap(); let mut conn = Connection::open_in_memory().unwrap();
Database::maybe_init(&mut conn).unwrap(); Database::maybe_init(&mut conn).unwrap();
conn.execute( {
"INSERT INTO `user` (`userkey`, `permission`) VALUES (?, ?)", let mut add_user = conn
params![*ALICE, ServerPermission::ALL], .prepare(
r"
INSERT INTO `user` (`userkey`, `permission`)
VALUES (?, ?)
",
) )
.unwrap(); .unwrap();
for (user, perm) in [
(&*ALICE, ServerPermission::ALL),
(&BOB, ServerPermission::empty()),
] {
add_user.execute(params![user, perm]).unwrap();
}
}
let db = Database::from_raw(conn).unwrap(); let db = Database::from_raw(conn).unwrap();
// Use std's to avoid async, since we need no name resolution. // Use std's to avoid async, since we need no name resolution.

4
docs/webapi.yaml
View file

@ -138,7 +138,9 @@ paths:
$ref: '#/components/schemas/ApiError' $ref: '#/components/schemas/ApiError'
404: 404:
description: The peer user does not exist or disallows peer chat. description: |
The current user does not exists, the peer user does not exist or
they disallows peer chat.
content: content:
application/json: application/json:
schema: schema: